Authentication system, authentication device, authentication data producing device, and authentication method

ABSTRACT

Upon receiving an encipherment command, an enciphered authentication data generation circuit generates an enciphered authentication data based on a basic authentication data including a random number portion using an encipherment rule. The encipherment rule changes according to the number of supplied encipherment commands. A transmission circuit 7 transmits the enciphered authentication data. A reception circuit 9 receives the enciphered authentication data transmitted from a second device 300. A prohibition command output circuit 11 determines whether the enciphered authentication data transmitted from the second device 300 matches with an enciphered authentication data that would be generated if the same number of encipherment commands were supplied to an enciphered authentication data generation circuit of a first device 200, and outputs a prohibition command to prohibit a transmission of the data to be transmitted when the determination result is negative.

TECHNICAL FIELD

The present invention relates to an authentication at a transmission of data to be transmitted between a first device and a second device, and more particularly to an improvement in security thereof.

BACKGROUND ART

A data communication system employing an IC card has been proposed for applications to ski lifts, automatic card examination devices for railways, automatic sorting of luggage or the like.

FIG. 1 shows a structure of a communication system employing a non contact type IC card as an example of data communication systems employing IC cards. This system includes an interrogator 240 (mounted on a gate of a ski lift, for example) and a non contact type IC card 220.

Interrogator 240 sends a high frequency carrier from an oscillating circuit 249 through an antenna 241 under the control of a control portion 248 on the side of the interrogator. When non contact type IC card 220 comes to the vicinity of interrogator 240, non contact type IC card 220 receives the high frequency carrier at an antenna 223 thereof. A power supply generation circuit 225 converts the received high frequency wave into a d.c. current and supplies power to other circuit portions. Thus non contact type IC card 220 becomes operable in the vicinity of interrogator 240.

Here, information is transmitted from interrogator 240 to non contact type IC card 220 as the above mentioned high frequency carrier is demodulated at a modulating/demodulating circuit 233. A control portion 235 on the side of the card performs required processes such as rewriting of contents of a memory 237 and answering the received information based on the demodulated information.

On the other hand, the information is also transmitted from non contact type IC card 220 to interrogator 240. As non contact type IC card 220 is not provided with an oscillating circuit, the information transmission is performed as described below. First, unmodulated high frequency carrier is sent from the side of interrogator 240, and an impedance of a resonance circuit 222 is changed by modulating/demodulating circuit 233 at the side of non contact type IC card 220. This change in impedance is detected by interrogator 240 as the impedance change in a resonance circuit 242 on the side thereof and is demodulated by a modulating/demodulating circuit 246. Control portion 248 receives the demodulated information and performs required processes.

When non contact type IC card 220 leaves interrogator 240, the power supply is stopped and therefore the operation of non contact type IC card 220 is stopped. At this time, memory 237, which is a non-volatile memory, holds the stored information regardless of a cease of power supply.

Non contact type IC card 220 as described above can be used as a prepaid card by storing a predetermined count in memory 237 and rewriting data in memory 237 according to a use count.

The communication data between the interrogator and the IC card is enciphered. By this encipherment, an unauthorized computer connected in place of an IC card is prevented from pretending as an authorized IC card (hereinafter this is called “pretense”).

The conventional communication system employing the IC card as described above, however, is not immune to the problem. For example, even with the encipherment of the communication data as described above, the pretense is possible once a cipher is decrypted.

In particular, when the IC card is used for a telephone, once an authentication process to set up the communication is deciphered and a connected state is established, the connected state can be maintained for hours at will.

DISCLOSURE OF THE INVENTION

An object of the present invention is to provide an authentication system and an authentication method to prevent the so called pretense.

Another object of the present invention is to provide an authentication system and an authentication method for an authentication system of a telephone where a determination can be made whether there is pretense or not even after an authentication process at the set up of the connection is deciphered.

In brief, the present invention is an authentication system for determining whether a data transmission between a first device and a second device is to be permitted or not, and each of the first and the second devices has a decoding circuit and a transmitting circuit.

The decoding circuit enciphers the data while changing an encipherment rule for each unit transmission of the data to be transmitted. The transmitting circuit transmits the enciphered authentication data.

According to another aspect of the present invention, the present invention is an authentication system transmitting an enciphered authentication data between a first device and a second device and determining whether a transmission of data to be transmitted between said first device and said second device is to be permitted or not, and each of the first and the second devices includes a decoding circuit and a transmitting circuit.

The decoding circuit enciphers the authentication data while changing an encipherment rule for each unit transmission of the data to be transmitted. The transmitting circuit transmits the enciphered authentication data.

According to still another aspect of the present invention, the present invention is an authentication system employed upon a transmission of data to be transmitted between a first device and a second device, and the first device includes a basic authentication data store circuit, a first enciphered authentication data generation circuit, a first transmitting circuit, a first receiving circuit, and a prohibition command output circuit. The second device includes a second receiving circuit, a basic authentication data acquisition circuit, a second enciphered authentication data generation circuit, and a second transmitting circuit.

The first basic authentication data store circuit stores a basic authentication data. The first enciphered authentication data generation circuit generates an enciphered authentication data based on the basic authentication data using an encipherment rule when an encipherment command is provided. The first enciphered authentication data generation circuit changes the encipherment rule according to the number of supplied encipherment commands.

The first transmitting circuit transmits the enciphered authentication data. The first receiving circuit receives an enciphered authentication data transmitted from the second device.

The second receiving circuit receives the enciphered authentication data transmitted from the first device. The basic authentication data acquisition circuit extracts the basic authentication data from the enciphered authentication data based on the encipherment rule employed in the enciphered authentication data generation circuit.

The second basic authentication data store circuit stores the extracted basic authentication data.

The second enciphered authentication data generation circuit generates an enciphered authentication data according to the same encipherment rule as in the first device. The second enciphered authentication data generation circuit changes the encipherment rule according to the number of supplied encipherment commands. The second transmitting circuit transmits the enciphered authentication data.

The prohibition command output circuit determines whether or not the enciphered authentication data transmitted from the second device matches with an enciphered authentication data that would be generated when the same number of encipherment commands were supplied to the first enciphered authentication data generation circuit, and supplies a prohibition command to prohibit the transmission of the data to be transmitted when a determination result is negative.

According to yet another aspect of the present invention, the present invention is an authentication method employed upon a transmission of data to be transmitted between two devices, and includes the steps of: changing an encipherment rule according to the number of supplied encipherment commands, and generating a first enciphered authentication data based on a basic authentication data at one device of the two devices; transmitting the first enciphered authentication data from one device to another device of the two devices; deciphering the first enciphered authentication data received from one device, extracting the basic authentication data, generating a second enciphered authentication data according to the encipherment rule at another device and transmitting the second enciphered authentication data; comparing the second enciphered authentication data received at one device with data generated by enciphering the first enciphered authentication data according to the encipherment rule according to the number of supplied encipherment commands and determining whether the two data match with each other; and allowing the transmission of the data to be transmitted when a result of the determination is a match.

Therefore, a main advantage of the present invention is that as the encipherment rule for enciphering the data transmitted between the first device and the second device is changed for each unit transmission, an authentication system where the so called pretense is hard to perform can be provided.

Another advantage of the present invention is that the encipherment rule for enciphering the authentication data is changed for each unit transmission in order to modify the enciphered authentication data transmitted between the first device and the second device, whereby an authentication system where the so called pretense is hard to perform can be provided.

Still another advantage of the present invention is that the basic authentication data stored in the first device can be transmitted to the second device and that the transmission between the first device and the second device can be prohibited when the enciphered authentication data in the second device is generated according to a different generation process. Thus, an authentication system where the so called pretense is hard to perform can be provided.

A still further advantage of the present invention is that the transmission between the first device and the second device can be prohibited when the generation process of the enciphered authentication data performed by the second device is different from the generation process of the enciphered authentication data performed by the first device.

A still more further advantage of the present invention is that even if the basic authentication data is not stored in one of the two devices performing the data transmission, the transmission of data can be prohibited when the enciphered authentication data generated in one device does not match with the enciphered authentication data generated in another device.

The foregoing and other objects, features, aspects and advantages of the present invention will become more apparent from the following detailed description of the present invention when taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a conventional IC card 400.

FIG. 2 shows an overall structure of an authentication system 100 according to the present invention.

FIG. 3 shows a hardware structure of a first device 200.

FIG. 4 shows a hardware structure of a second device 300.

FIG. 5A shows a status of data held in a basic authentication data latch, a comparing latch, and a shift register of first device 200 at a first transmission, FIG. 5B shows a status of data held in the basic authentication data latch, the comparing latch, and the shift register of first device 200 at a preparation, and FIG. 5C shows a status of data held in the basic authentication data latch, the comparing latch, and the shift register of first device 200 at a reception.

FIG. 6A shows a status of data held in a basic authentication data latch, a comparing latch, and a shift register of a second device 300 at a reception, FIG. 6B shows a status of data held in the basic authentication data latch, the comparing latch, and the shift register of second device 300 at a transmission, and FIG. 6C shows a status of data held in the basic authentication data latch, the comparing latch, and the shift register of second device 300 at a preparation.

FIG. 7 is a flow chart of an authentication method according to the present invention.

BEST MODES FOR CARRYING OUT THE INVENTION

FIG. 2 is a functional block diagram showing a structure of an authentication system 100 according to the present invention. With reference to FIG. 2, authentication system 100 performs an authentication upon a transmission of data to be transmitted between a first device 200 and a second device 300.

First device 200 includes a random number generation circuit 2, a basic authentication data generation circuit 4, a basic authentication data store circuit 3, an enciphered authentication data generation circuit 5, a transmission circuit 7, a reception circuit 9 and a prohibition command output circuit 11. Random number generation circuit 2 generates a random number. Basic authentication data generation circuit 4 generates a basic authentication data to be stored in basic authentication data store circuit 3, based on a preset setting data and the random number.

Upon receiving an encipherment command, enciphered authentication data generation circuit 5 generates an enciphered authentication data based on the basic authentication data using the encipherment rule. The encipherment rule changes according to the number of supplied encipherment commands. In this embodiment, the encipherment rule is changed according to the number of supplied encipherment commands by changing the number of processes repeated for enciphering the enciphered authentication data. Transmission circuit 7 transmits the enciphered authentication data.

On the other hand, second device 300 includes a reception circuit 19, a basic authentication data acquisition circuit 22, a basic authentication data store circuit 13, an enciphered authentication data generation circuit 15 and a transmission circuit 17.

Reception circuit 19 receives the enciphered authentication data transmitted from first device 200. Basic authentication data acquisition circuit 22 extracts the basic authentication data from the enciphered authentication data based on the encipherment rule employed at enciphered authentication data generation circuit 5 of first device 200. Basic authentication data store circuit 13 stores the extracted basic authentication data.

Enciphered authentication data generation circuit 15 generates an enciphered authentication data according to the same encipherment rule as employed at enciphered authentication data generation circuit 5.

Here, the encipherment rule changes according to the number of supplied encipherment commands as in the first device. Transmission circuit 17 transmits the enciphered authentication data.

Reception circuit 9 of first device 200 receives the enciphered authentication data transmitted from second device 300. Prohibition command output circuit 11 determines whether the enciphered authentication data transmitted from second device 300 matches with an enciphered authentication data that would be generated when the same number of encipherment commands were given to the enciphered authentication data generation circuit of first device 200, and when the determination result is negative, prohibition command output circuit 11 outputs a prohibition command to prohibit the transmission of the data to be transmitted.

Therefore, the basic authentication data stored in first device 200 can be transmitted to second device 300.

When the enciphered authentication data in second device 300 is generated by a generation process different from that performed for generating the enciphered authentication data in the first device, the transmission between first device 200 and second device 300 can be prohibited. Thus, the authentication system where the so called pretense is hard to perform can be provided.

FIG. 3 is a schematic block diagram referenced for describing a hardware structure of first device 200.

First device 200 includes a main control portion 41, a random number generator 43, a random number latch 45, a password store portion 47, a basic authentication data latch 49, a computing element 51, a decoder 53, an ROM (Read Only Memory) 55, a shift register 57, a comparing latch 59, a comparator 61, and a transmission/reception circuit 63.

Main control portion 41 controls every portion of first device 200 as described later.

Random number generator 43 generates a 64-bit random number, for example, when a random number generation command is supplied from main control portion 41.

Random number latch 45 holds the random number generated at random number generator 43.

Password store portion 47 stores three passwords. Here, a password 1 is a 32-bit password for a first hardware manufacturer, a password 2 is a 16-bit password for an operator of first device 200, and a password 3 is a 16-bit password for a software designer of the first device.

Basic authentication data latch 49 holds 128-bit data supplied from password store portion 47 and random number latch 45. In this embodiment, data held in basic authentication data latch 49 is the basic authentication data.

Comparing latch 59 holds a 128-bit initial value in an initial state. In this embodiment, “00 . . . 00” (128 bits), for example, is held as the initial value.

Computing element 51 performs a predetermined operation on data held in basic authentication data latch 49 and comparing latch 59. To be specific, computing element 51 performs an exclusive OR operation on these data. Upon receiving 128-bit data, decoder 53 decodes the data into 16-bit data. ROM 55 stores data of 128-bit data length corresponding to each 16-bit address and data converts the 16-bit data into a predetermined 128-bit data. Thus the encipherment process for 128-bit data is performed.

Comparator 61 compares data from shift register 57 with data from comparing latch 59 and outputs the comparison result to main control portion 41. Transmission/reception circuit 63 transmits/receives data to/from second device 300.

In shift register 57, every 128 bits of input/output to/from ROM 55 or comparator 61 are processed in parallel, and input/output to/from transmission/reception circuit 63 is processed in series one bit by one bit.

FIG. 4 is a schematic block diagram referenced for describing a hardware structure of second device 300.

Second device 300 includes a main control portion 81, a random number latch 85, a password store portion 87, a basic authentication data latch 89, a computing element 91, a decoder 93, an ROM 95, a shift register 97, a comparing latch 99, a transmission/reception circuit 103, an ROM 105, an encoder 107, and a random number decoder 109.

Random number latch 85, password store portion 87, basic authentication data latch 89, computing element 91, decoder 93, ROM 95, shift register 97, comparing latch 99, and transmission/reception circuit 103 are of the same structures with random number latch 45, password store portion 47, basic authentication data latch 49, computing element 51, decoder 53, ROM 55, shift register 57, comparing latch 59, and transmission/reception circuit 63 of FIG. 2, respectively, and the description thereof will not be repeated.

ROM 105 is for performing a process (deciphering) reverse to that of ROM 55. ROM 105 stores data of 16-bit data length corresponding to each 128-bit address and converts 128-bit data to predetermined 16-bit data.

Encoder 107 performs a process reverse to that of decoder 53. Upon receiving 16-bit data, encoder 107 encodes the data into predetermined 128-bit data. Random number decoder 109 takes 64-bit data out from the 128-bit data, employing the 64-bit data stored in password store portion 87. The 64-bit data thus obtained is held in random number latch 85.

Thus, second device 300, though having a similar structure to first device 200, is different from the first device in the following point.

Second device 300 includes ROM 105, encoder 107 and random number decoder 109 instead of random number generator 43 and comparator 61.

Next, an authentication process will be described.

First, in first device 200, when the first 8 bits of the data to be transmitted are supplied to shift register 57, main control portion 41 detects it and provides a random number generation command to random number generator 43.

In response to the command, random number generator 43 generates a random number of 64 bits. Here, the value of the 64-bit random number is represented by r.

The value of the random number generated at random number generator 43 is held in random number latch 45.

Basic authentication data latch 49 holds 128-bit data supplied from password store portion 47 and random number latch 45.

Here, data held in basic authentication data latch 49 is represented as data D. Here, comparing latch 59 holds an initial value “00 . . . 00” (128 bits) in an initial state, and computing element 51 performs an exclusive OR operation.

Decoder 53 decodes 128-bit data to 16-bit data. ROM 55 data converts the supplied 16-bit data to 128-bit data. The 128-bit data is supplied to shift register 57. The data supplied to shift register 57 is represented as data D′. The data D′ is added to the head of the data to be transmitted and the resulting data is transmitted from transmission/reception circuit 63.

FIG. 5A is a diagram showing data held in basic authentication data latch 49, comparing latch 59 and shift register 57; FIG. 5A, FIG. 5B and FIG. 5C show status of data at a first transmission, at a preparation and at a reception, respectively.

On the other hand, FIG. 6 is a diagram showing a transition of data held in the basic authentication data latch, the comparing latch, and the shift register of second device 300; FIG. 6A, FIG. 6B and FIG. 6C show status of data at a reception, at a transmission and at a preparation, respectively.

With reference to FIGS. 5A-6C, as shown in FIG. 5A, at a first transmission of the enciphered authentication data, basic authentication data latch 49 holds data D, comparing latch 59 holds data 0, and shift register 57 holds data D′. Then, main control portion 41 outputs a fetch command to comparing latch 59.

Upon receiving the fetch command, comparing latch 59 holds data D′, because data from ROM 55, that is data D′, has been supplied to an input of comparing latch 59.

When comparing latch 59 holds data D′, data from ROM 55, that is data (D eor D′)′, is supplied to the input of comparing latch 59 through computing element 51, decoder 53, and ROM 55.

Here, D eor D′ represents an exclusive OR of data D and data D′.

Main control portion 41 again outputs the fetch command to comparing latch 59, whereby data (D eor D′)′ is held in comparing latch 59.

Thus in first device 200, comparing latch 59 holds data generated by further enciphering the enciphered authentication data supplied to transmission/reception circuit 63 after the transmission to second device 300 as shown in FIG. 5B.

On the other hand, second device 300 shown in FIG. 4 receives the data to be transmitted with data D′ at transmission/reception circuit 103. First 128-bit data of the data to be transmitted with data D′ is supplied to ROM 105 and is data converted to 16-bit data.

Encoder 107 encodes the supplied 16-bit data to 128-bit data.

Random number decoder 109 takes 64-bit data from the 128-bit data using 64-bit data stored in password store portion 87. Thus obtained 64-bit data is held in random number latch 85.

Thus, the random number r generated in first device 200 can be transmitted to random number latch 85 of second device 300.

Next, in response to a reception signal of transmission/reception circuit 103, main control portion 81 supplies the fetch command to basic authentication data latch 89. Then basic authentication data latch 89 fetches data held in random number latch 85 and password store portion 87. In this case, shift register 97 holds data D′, the basic authentication data latch holds data D and comparing latch 99 holds data 0 as shown in FIG. 6A.

When the first 8 bits of the data to be transmitted are supplied to shift register 97, main control portion 81 detects it and supplies the fetch command to basic authentication data latch 89. Thus basic authentication data latch 89 holds 128-bit data supplied from password store portion 87 and random number latch 85.

Here, similar to the first device, data D is held in basic authentication data latch 89, because the data held in random number latch 85 and the password stored in password store portion 87 are the same as those in the first device.

Comparing latch 99 holds an initial value “00 . . . 00” (128 bits) in an initial state as in first device 200.

Computing element 91 performs an exclusive OR operation on the data held in basic authentication data latch 89 and comparing latch 99.

Decoder 93 decodes 128-bit data into 16-bit data. ROM 95 data converts the supplied 16-bit data into 128-bit data. The 128-bit data is supplied to shift register 97. In this case, data (D eor D′)′ is supplied to shift register 97.

When control portion 91 sends a transmission command, data (D eor D′)′ is added to the head of the data to be transmitted as a second enciphered authentication data and is transmitted from transmission/reception circuit 103.

Data held in basic authentication data latch 89, comparing latch 99 and shift register 97 are shown in FIG. 6B. As can be seen from the drawing, when a first enciphered authentication data of the second device is transmitted, basic authentication data latch 89 holds data D, comparing latch 89 holds data D′ and shift register 97 holds data (D eor D′)′.

Then main control portion 81 outputs the fetch command to comparing latch 99.

As data from ROM 95, that is data (D eor D′)′, has been supplied to an input of comparing latch 99, comparing latch 99 holds data (D eor D′)′ in response to the fetch command.

When data (D eor D′)′ is held in comparing latch 99, data from ROM 95, that is data (D eor (D eor D′)′)′, is supplied to an input of comparing latch 99 through computing element 91, decoder 93 and ROM 95.

Then again, main control portion 81 outputs the fetch command to comparing latch 99. Then comparing latch 99 holds data (D eor (D eor D′)′)′.

Thus, also in second device 300, comparing latch 99 holds the data enciphered through computing element 91, decoder 93 and ROM 95 after the transmission of data to the first device, as shown in FIG. 6C.

The data is held for the following reason. In this embodiment, the encipherment process is performed whenever data for collation is sent from first device 200 to second device 300 or from second device 300 to first device 200. Therefore, first device 200 and second device 300 must operate so that the processes performed in the two devices coincide with each other.

First device 200 receives the data to be transmitted with data (D eor D′)′ at transmission/reception circuit 63. When the data to be transmitted with data (D eor D′)′ is supplied to shift register 57, main control portion 41 supplies an output command to shift register 57.

Then the first 128 bits of the data are supplied to comparator 61. In addition, main control portion 41 supplies a collation command to comparator 61.

Then comparator 61 compares data held in comparing latch 59 with datasupplied from shift register 57. In this case, as first device 200 andsecond device 300 are authorized devices, comparator 61 sends a matchsignal to main control portion 41.

If second device 200 is a disguising device, data held in comparinglatch 59 does not match with data supplied from shift register 57, andmain control portion 41 outputs a transmission prohibition command. Thusthe pretense can be securely prevented.

Thereafter, a third enciphered authentication data is transmitted fromfirst device 200 in the same manner and second device 300 determineswhether the transmitted enciphered authentication data matches with datastored in comparing latch 59 or not.

In the authentication system according to the present invention, uponreceiving the encipherment command, the first device generates theenciphered authentication data according to the number of suppliedencipherment commands based on the basic authentication data, andtransmits the enciphered authentication data, as described above. Thesecond device receives the enciphered authentication data transmittedfrom the first device, extracts the basic authentication data from theenciphered authentication data based on the encipherment rule employedin the enciphered authentication data generation circuit and stores theextracted authentication data. Then the second device generates theenciphered authentication data according to the number of suppliedencipherment commands based on the basic authentication data andtransmits the generated enciphered authentication data. The first devicedetermines whether the enciphered authentication data transmitted fromthe second device matches with an enciphered authentication data whichwould be generated when the same number of encipherment commands weresupplied to the enciphered authentication data generation circuitthereof, and if the determination result is negative, the first deviceoutputs the prohibition command to prohibit the transmission of the datato be transmitted.

Thus, by sequentially modifying the enciphered authentication data foreach unit of the data to be transmitted and transmitting the modifieddata, the pretense can be securely prevented.

FIG. 7 is a flow chart showing a flow of the authentication method inaccordance with the present invention.

First, at the side of the first device, the random number is generatedto generate the basic authentication data (Step 102).

Then, the basic authentication data is generated based solely on thegenerated random number or on the generated random number and apredetermined password, or the like (Step 104).

Then, the basic authentication data is further enciphered according tothe encipherment rule corresponding to the number of suppliedencipherment commands, and the enciphered authentication data isgenerated (Step 106).

Thereafter, the enciphered authentication data is added to the data tobe transmitted and the resulting data is transmitted to the seconddevice (Step 108).

On the other hand, the enciphered authentication data is furtherenciphered based on the same encipherment rule as used in Step 106described above (Step 120).

At the side of the second device, the enciphered authentication datatransmitted from the transmission side is received (Step 110), and isdeciphered based on the same encipherment rule as used at the side offirst device (Step 112).

Then, the basic authentication data is obtained from the decipheredreceived data (Step 114).

Then, encipherment is performed again based on the obtained basicauthentication data and the same encipherment rule as used at the sideof the first device (Step 116), and the resulting data is transmitted tothe side of the first device (Step 118).

At the side of the first device, the enciphered authentication data is received from the side of the second device (Step 122) and the enciphered authentication data enciphered in Step 120 at the side of the first device is compared with the enciphered authentication data received from the second device at Step 122 (Step 124). In other words, it is determined whether the data matches with an enciphered authentication data which would be generated when the same number of encipherment commands were supplied to the enciphered authentication data generation circuit thereof.

If the comparison result is a match (Step 126), the connected state is maintained (Step 128).

Contrarily, if the comparison result is not a match (Step 126), transmission/reception is prohibited (Step 130).

With the above described structure, the encipherment rule for enciphering can be changed for each unit transmission of the data to be transmitted from the first device in the authentication method of the present invention.

Thus, it is possible to provide an authentication system where the so-called pretense is hard to perform.
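The flow of FIG. 7 can be traced in software. The following Python sketch is an added example, not part of the patent: the substitution table, the encipher_once/decipher_once pass, the class names and the rule that each unit transmission consumes two encipherment commands on each side are assumptions standing in for computing element 51, decoder 53 and ROM 55, and the basic authentication data is taken from the random number alone. It shows the connected state being kept for a peer that follows the same rule and prohibited when an earlier reply is resent.

```python
import hmac
import random
import secrets

# Constructed stand-in for the table shared by ROM 55 and ROM 95 (not from the patent).
SBOX = list(range(256))
random.Random(0x55).shuffle(SBOX)
INV = [SBOX.index(v) for v in range(256)]

def encipher_once(block):
    """One encipherment process: substitution with byte feedback, then a one-byte rotation."""
    out, prev = bytearray(), 0
    for b in block:
        prev = SBOX[b ^ prev]
        out.append(prev)
    return bytes(out[1:] + out[:1])

def decipher_once(block):  # reverse process of encipher_once
    out, prev = bytearray(), 0
    for c in block[-1:] + block[:-1]:
        out.append(INV[c] ^ prev)
        prev = c
    return bytes(out)

def repeat(fn, block, level):
    for _ in range(level):  # level = repetition level (assumed: one pass per command)
        block = fn(block)
    return block

class FirstDevice:  # read/write device side
    def __init__(self):
        self.basic = secrets.token_bytes(16)   # Steps 102-104: 128-bit basic data
        self.count, self.enabled = 0, True     # count = encipherment commands so far
    def next_tag(self):
        self.count += 1
        tag = repeat(encipher_once, self.basic, self.count)            # Step 106
        self.count += 1
        self.expected = repeat(encipher_once, self.basic, self.count)  # Step 120
        return tag                                                     # Step 108
    def check(self, reply):
        ok = hmac.compare_digest(reply, self.expected)                 # Steps 122-126
        self.enabled = self.enabled and ok                             # Step 128 or 130
        return ok

class SecondDevice:  # IC card side
    def __init__(self):
        self.count, self.basic = 0, None
    def respond(self, tag):
        self.count += 1
        self.basic = repeat(decipher_once, tag, self.count)            # Steps 110-114
        self.count += 1
        return repeat(encipher_once, self.basic, self.count)           # Steps 116-118

def run_session(units, replay_from=None):
    reader, card, last, results = FirstDevice(), SecondDevice(), bytes(16), []
    for unit in range(units):
        if not reader.enabled:
            break
        tag = reader.next_tag()
        # From unit `replay_from` on, the peer lacks the table and resends the previous reply.
        if replay_from is None or unit < replay_from:
            last = card.respond(tag)
        results.append(reader.check(last))
    return results, reader.enabled
```

Because the expected value advances with the command count, a reply that was valid for one unit transmission no longer matches at the next one, and the session stops at the first mismatch.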

In addition, as the 128-bit data is added to the head of the data to be transmitted, the data to be transmitted is also ciphered in effect when the entire data including the data to be transmitted and the added enciphered authentication data is considered as the data to be transmitted. Thus the command (code) is protected from unauthorized access.

Alternatively, it is possible to transmit only the enciphered authentication data and perform the collation as described above, instead of adding the enciphered authentication data to the data to be transmitted and transmitting the resulting data.

In this embodiment, the enciphered authentication data transmitted from the second device is left unchanged and the data generated by enciphering again the enciphered authentication data through computing element 51, decoder 53 and ROM 55 is stored in comparing latch 59 whereby determination on the match is performed.

Thus, first device 200 does not require a circuit for performing a reverse process of computing element 51, decoder 53 and ROM 55.

The present invention, however, is not limited to the above mentioned method and the enciphered authentication data transmitted from the second device may be deciphered and compared by a circuit performing the reverse process of computing element 51, decoder 53 and ROM 55. Alternatively, only a portion rather than an entire portion of the reverse process of computing element 51, decoder 53 and ROM 55 may be performed at the side of first device 200 and the enciphered authentication data transmitted from the second device may be processed so as to match with the data.

Though in this embodiment, the description is made assuming that the present invention is adapted to the IC card (the second device) and a read/write device (the first device) thereof, the authentication device and the authentication method in accordance with the present invention can be employed in any device other than the IC card as described above as far as it is a system for transmitting data between a first device and a second device.

In addition, the present invention can be applied to a contact type IC card as well as the non contact type IC card.

Here in this embodiment, generation of enciphered data different from the previous data is realized by feedback of input data. Alternatively, a structure where a value of input data is modified based on a predetermined rule can be employed. Further alternatively, a structure where an algorithm of encipherment itself is modified without the modification of the input data can be employed.

In this embodiment, when leading 8 bits of the data to be transmitted is supplied to the shift register, the enciphered authentication data is added to the data to be transmitted and is transmitted. An alternative structure can be adapted in which the enciphered authentication data alone is transmitted every predetermined time period with the predetermined time counted by a timer, independently of the transmission of data to be transmitted.

In addition, though the enciphered authentication data is modified for each data to be transmitted in this embodiment, a structure may be adapted in which the enciphered authentication data is modified for each plurality of data to be transmitted.

Further, though in this embodiment, the enciphered authentication data is generated when 8-bit data is detected, this structure is not intended to be limiting and an alternative structure can be adapted, for example, where a generation timing of the enciphered authentication data is determined according to a time required for the generation process of the enciphered authentication data.

In addition, bit lengths of the enciphered authentication data and the data to be transmitted are not limited to the length mentioned above.

In this embodiment, data on the number of encipherment commands itself is not transmitted, and the number of encipherment commands used at the collation is determined through repeating the encipherment process once at each of the first and second devices. Therefore, it is hard for a third person to analyze how data is enciphered.

The structure of the present invention, however, is not limited to the above mentioned structure and the number of encipherment commands itself may be transmitted.

Alternatively, a structure can be adapted in which a part of the value of the random number is determined in the first device and the remaining part of the value is determined in the second device, and the combination thereof is stored in random number latch 45 and random number latch 85. With such structure, the security can further be improved.

Alternatively, the structure described above realized as a hardware can be implemented in a software.

In the above description, the structure where “the encipherment rule changes according to the number of supplied encipherment commands” includes a structure where a plurality of encipherment rules are stored and the adapted rule is switched from one to another according to the number of supplied encipherment commands, as well as the structure of the embodiment described above where the encipherment rule is changed according to the number of supplied encipherment commands by modifying the repetition level of the encipherment.

Here, “repetition level” means the number of encipherment processes performed through computing element 51, decoder 53 and ROM 55 in first device 200, and the number of encipherment processes performed through computing element 91, decoder 93 and ROM 95 in second device 300.

In addition, the authentication system of the present invention can be used for authentication between a telephone and an IC card for the telephone. In this case, a count deletion command which is a data to be transmitted is supplied to control portion 41 on the side of the telephone every time a predetermined period allowed for conversation corresponding to one count elapses. In this structure, the encipherment process may be performed by ROM 55 and so on and the enciphered authentication data may be sent from transmission/reception circuit 63 to the IC card.

Therefore, the collation as described above can be performed every time the predetermined period of conversation corresponding to one count elapses. Alternatively, the enciphered authentication data may be sent every time the predetermined period of conversation for some counts defined as a unit count elapses rather than every time the predetermined period of conversation for one count elapses.

Alternatively, when the present invention is used for the telephone, a structure is conceivable where a remaining count stored in the IC card is read out first and the conversation is allowed in the range of the remaining count, and the data to be transmitted is transmitted to the IC card during the conversation and at the end of the conversation a count remained at this point is transmitted to the side of the IC card and the count stored in the IC card is rewritten. In this case, the enciphered authentication data alone may be sent every time a predetermined time period elapses.

Specifically, a structure can be adapted where time elapse is counted by a timer and the encipherment command is supplied to control portion 41 when a predetermined time period elapses, and an encipherment process is performed by ROM 55 and so on.

In this embodiment, the enciphered authentication data for performing the authentication is added to the head of the data to be transmitted and the resulting data is transmitted so that the receiving side can extract the enciphered authentication data. The present invention, however, is not limited to this structure, and an alternative structure can be adapted in which data with a predetermined content is set as the data to be transmitted and enciphered according to a predetermined encipherment rule and transmitted, and the receiving side performs a corresponding deciphering process and determines whether the transmitted data to be transmitted is the data of the predetermined content or not.

In other words, “authentication data” means not only the data transmitted separately from the data to be transmitted but also the data to be transmitted itself indirectly utilized as the authentication data.

Here, “the encipherment rule changes for each unit transmission” means not only the case in which the encipherment rule changes for each transmission from the transmitting side to the receiving side, that is for each one transmission, but also the case in which the encipherment rule changes every predetermined times of transmissions.

Although the present invention has been described and illustrated in detail, it is clearly understood that the same is by way of illustration and example only and is not to be taken by way of limitation, the spirit and scope of the present invention being limited only by the terms of the appended claims.

1. An authentication system comprising a first device and a second device, and transmitting an enciphered authentication data between said first device and said second device and determining whether a transmission of data to be transmitted between said first device and said second device is to be permitted or not, said first and second devices each including: encipher means for enciphering said authentication data while changing an encipherment rule for each unit transmission of data to be transmitted, wherein said encipher means is configured to change the encipherment rule enciphering said authentication data for each unit transmission according to a number of said transmissions; and transmitting means for transmitting said enciphered authentication data, wherein said first device further includes: prohibition command output means for determining whether or not a second authentication data, which is transmitted from said second to said first device and generated in said second device by an encipherment based on a first authentication data transmitted from said first device, matches with data generated by enciphering said first authentication data in said first device based on an encipherment rule corresponding to the same number of transmissions, and for supplying a prohibition command prohibiting the transmission of said data to be transmitted as an output when the determination result is negative.
2. The authentication system according to claim 1, wherein said first device includes: first basic authentication data store means for storing a basic authentication data; first enciphered authentication data generation means for generating an enciphered authentication data based on said basic authentication data using an encipherment rule when an encipherment command is provided, said first enciphered authentication data generation means configured to change said encipherment rule according to the number of supplied encipherment commands; first transmitting means for transmitting said enciphered authentication data; and first receiving means for receiving an enciphered authentication data transmitted from said second device, said second device includes: second receiving means for receiving the enciphered authentication data transmitted from said first device; basic authentication data acquisition means for extracting the basic authentication data from said enciphered authentication data based on the encipherment rule employed in said enciphered authentication data generation means; second basic authentication data store means for storing extracted said basic authentication data; second enciphered authentication data generation means for generated an enciphered authentication data according to the same encipherment rule as in said first device, said second enciphered authentication data generation means configured to change said encipherment rule according to the number of supplied encipherment command; and second transmitting means for transmitting said enciphered authentication data.
3. The authentication system according to claim 2, wherein said first and second enciphered authentication data generation means change said encipherment rule by changing the number of processes repeated for encipherment process according to the number of supplied encipherment commands.
4. The authentication system according to claim 2, wherein said first device further includes: random number generation means for generating a random number; and basic authentication data generation means for making said basic authentication data stored in said first basic authentication data store means based on a preset setting data and said random number.
5. The authentication system according to claim 2, wherein said first transmitting means adds said enciphered authentication data to said data to be transmitted and transmitting the resulting data, said second receiving means receives said data to be transmitted with said enciphered authentication data, and said basic authentication data acquisition means extracts said enciphered authentication data added to said data to be transmitted and obtains said basic authentication data.
6. The authentication system according to claim 2, wherein said first device transmits said enciphered authentication data every predetermined time period.
7. The authentication system according to claim 2, wherein said first device is a telephone, said second device is an IC card for the telephone, said telephone changes said encipherment rule every time a predetermined time period allowed for conversation corresponding to each unit count elapses.
8. An authentication device included in a first device and employed upon a transmission of data to be transmitted between a second device, comprising: basic authentication data store means for storing basic authentication data; enciphered authentication data generation means for generating a first enciphered authentication data based on said basic authentication data using an encipherment rule when an encipherment command is provided, said first enciphered authentication data generation means configured to change said encipherment rule according to the number of supplied encipherment commands; transmitting means for transmitting said first enciphered authentication data to said second device; receiving means for receiving a second enciphered authentication data transmitted from said second device; and prohibition command and output means for determining whether or not said second enciphered authentication data, which is transmitted from said second device to said first device and generated in said second device by an encipherment based on said first enciphered authentication data transmitted from said first device, matches with generated by enciphering said first authentication data based on an encipherment rule corresponding to the same number of the encipherment commands supplied to the enciphered authentication data generation means, and for supplying a prohibition command to prohibit the transmission of said data to be transmitted when the determination result is negative.
9. An authentication method employed upon transmission of data to be transmitted between two devices, comprising the steps of: changing an encipherment rule according to the number of supplied encipherment commands, and generating a first enciphered authentication data based on a basic authentication data at one device of said two devices; transmitting said first enciphered authentication data from said one device to another device of said two devices; deciphering said first enciphered authentication data received from said one device, extracting said basic authentication data, generating a second enciphered authentication data according to said encipherment rule at said another device and transmitting the second encipherment authentication data to said one device; comparing said second enciphered authentication data received at said one device with data generated at said one device by enciphering said first enciphered authentication data according to said encipherment rule according to the number of said supplied encipherment commands and determining whether said generated data match with said received second enciphered authentication data; and allowing the transmission of said data to be transmitted when a result of said determination is a match, and outputting a prohibition command to prohibit the transmission of said data to be transmitted if the result of said determination is a mismatch.
10. The authentication method according to claim 9, wherein the number of processes repeated for enciphering the enciphered authentication data is changed when the encipherment rule is changed according to said number of supplied encipherment commands.
11. The authentication method according to claim 9 wherein said basic authentication data includes a generated random number portion.
12. The authentication method according to claim 9 wherein said enciphered authentication data is added to said data to be transmitted and transmitted.
13. The authentication method according to claim 9 wherein the transmission of said enciphered authentication data is performed every predetermined time period.
14. The authentication method according to claim 9 wherein said one device is a telephone, said another device is an IC card for the telephone, and said authentication method is performed every time a predetermined time period allowed for conversation corresponding to a unit count elapses.